Bug 139592

While running tests, I just saw css3/masking/mask-svg-script-mask-to-entire-svg.html cause a crash which indicates bad behavior: Application Specific Information: CRASHING TEST: css3/masking/mask-svg-script-mask-to-entire-svg.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x0000000116070a2a WTFCrash + 42 1 com.apple.WebCore 0x00000001192c13d9 WebCore::StyleResolver::loadPendingResources() + 153 (StyleResolver.cpp:3759) 2 com.apple.WebCore 0x00000001192bb0a2 WebCore::StyleResolver::applyMatchedProperties(WebCore::StyleResolver::MatchResult const&, WebCore::Element const*, WebCore::StyleResolver::ShouldUseMatchedPropertiesCache) + 1906 (StyleResolver.cpp:1827) 3 com.apple.WebCore 0x00000001192b8ca3 WebCore::StyleResolver::styleForElement(WebCore::Element*, WebCore::RenderStyle*, WebCore::StyleSharingBehavior, WebCore::RuleMatchingBehavior, WebCore::RenderRegion const*) + 1251 (StyleResolver.cpp:803) 4 com.apple.WebCore 0x00000001193739f6 WebCore::SVGElement::customStyleForRenderer(WebCore::RenderStyle&) + 150 (SVGElement.cpp:790) 5 com.apple.WebCore 0x00000001192e796a WebCore::Style::styleForElement(WebCore::Element&, WebCore::RenderStyle&) + 106 (StyleResolveTree.cpp:259) 6 com.apple.WebCore 0x00000001192e59f2 WebCore::Style::resolveLocal(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change) + 146 (StyleResolveTree.cpp:749) 7 com.apple.WebCore 0x00000001192e342d WebCore::Style::resolveTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change) + 301 (StyleResolveTree.cpp:918) 8 com.apple.WebCore 0x00000001192e368b WebCore::Style::resolveTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change) + 907 (StyleResolveTree.cpp:957) 9 com.apple.WebCore 0x00000001192e368b WebCore::Style::resolveTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change) + 907 (StyleResolveTree.cpp:957) 10 com.apple.WebCore 0x00000001192e368b WebCore::Style::resolveTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change) + 907 (StyleResolveTree.cpp:957) 11 com.apple.WebCore 0x00000001192e32ea WebCore::Style::resolveTree(WebCore::Document&, WebCore::Style::Change) + 474 (StyleResolveTree.cpp:996) 12 com.apple.WebCore 0x0000000117b72996 WebCore::Document::recalcStyle(WebCore::Style::Change) + 470 (Document.cpp:1798) 13 com.apple.WebCore 0x0000000117b6eadf WebCore::Document::updateStyleIfNeeded() + 431 (Document.cpp:1841) 14 com.apple.WebCore 0x0000000117ecb6a2 WebCore::FrameLoader::stopLoading(WebCore::UnloadEventPolicy) + 1218 (FrameLoader.cpp:473) 15 com.apple.WebCore 0x0000000117ecbbef WebCore::FrameLoader::closeURL() + 111 (FrameLoader.cpp:547) 16 com.apple.WebCore 0x0000000117ed5d75 WebCore::FrameLoader::detachFromParent() + 53 (FrameLoader.cpp:2486) 17 com.apple.WebCore 0x0000000117ed61fb WebCore::FrameLoader::frameDetached() + 59 (FrameLoader.cpp:2479) 18 com.apple.WebCore 0x00000001193d33b1 WebCore::SVGImage::~SVGImage() + 561 (SVGImage.cpp:60) 19 com.apple.WebCore 0x00000001193d3795 WebCore::SVGImage::~SVGImage() + 21 (SVGImage.cpp:65) 20 com.apple.WebCore 0x00000001193d37b9 WebCore::SVGImage::~SVGImage() + 25 (SVGImage.cpp:56) 21 com.apple.WebCore 0x00000001177c4113 WTF::RefCounted<WebCore::Image>::deref() + 83 (RefCounted.h:146) 22 com.apple.WebCore 0x00000001177c40b1 void WTF::derefIfNotNull<WebCore::Image>(WebCore::Image*) + 65 (PassRefPtr.h:41) 23 com.apple.WebCore 0x00000001177fcf67 WTF::RefPtr<WebCore::Image>::clear() + 39 (RefPtr.h:110) 24 com.apple.WebCore 0x00000001177f8c77 WebCore::CachedImage::clearImage() + 103 (CachedImage.cpp:365) 25 com.apple.WebCore 0x00000001177f668d WebCore::CachedImage::~CachedImage() + 61 (CachedImage.cpp:108) 26 com.apple.WebCore 0x00000001177f67b5 WebCore::CachedImage::~CachedImage() + 21 (CachedImage.cpp:108) 27 com.apple.WebCore 0x00000001177f6809 WebCore::CachedImage::~CachedImage() + 25 (CachedImage.cpp:106) 28 com.apple.WebCore 0x000000011780423e WebCore::CachedResource::deleteIfPossible() + 94 (CachedResource.cpp:487) 29 com.apple.WebCore 0x0000000117804f4e WebCore::CachedResource::unregisterHandle(WebCore::CachedResourceHandleBase*) + 174 (CachedResource.cpp:666) 30 com.apple.WebCore 0x000000011781098a WebCore::CachedResourceHandleBase::setResource(WebCore::CachedResource*) + 74 (CachedResourceHandle.cpp:64) 31 com.apple.WebCore 0x0000000117815ce7 WebCore::CachedResourceHandle<WebCore::CachedResource>::operator=(WebCore::CachedResourceHandle<WebCore::CachedResource> const&) + 55 (CachedResourceHandle.h:73) 32 com.apple.WebCore 0x0000000117811e07 WebCore::CachedResourceLoader::requestResource(WebCore::CachedResource::Type, WebCore::CachedResourceRequest&) + 1287 (CachedResourceLoader.cpp:478) 33 com.apple.WebCore 0x0000000117812820 WebCore::CachedResourceLoader::requestSVGDocument(WebCore::CachedResourceRequest&) + 64 (CachedResourceLoader.cpp:246) 34 com.apple.WebCore 0x0000000117822035 WebCore::CachedSVGDocumentReference::load(WebCore::CachedResourceLoader*) + 309 (CachedSVGDocumentReference.cpp:64) 35 com.apple.WebCore 0x00000001192c70ff WebCore::StyleResolver::loadPendingSVGDocuments() + 527 (StyleResolver.cpp:3403) 36 com.apple.WebCore 0x00000001192c13f7 WebCore::StyleResolver::loadPendingResources() + 183 (StyleResolver.cpp:3770) 37 com.apple.WebCore 0x00000001192bb0a2 WebCore::StyleResolver::applyMatchedProperties(WebCore::StyleResolver::MatchResult const&, WebCore::Element const*, WebCore::StyleResolver::ShouldUseMatchedPropertiesCache) + 1906 (StyleResolver.cpp:1827) 38 com.apple.WebCore 0x00000001192b8ca3 WebCore::StyleResolver::styleForElement(WebCore::Element*, WebCore::RenderStyle*, WebCore::StyleSharingBehavior, WebCore::RuleMatchingBehavior, WebCore::RenderRegion const*) + 1251 (StyleResolver.cpp:803) 39 com.apple.WebCore 0x00000001192e7a32 WebCore::Style::styleForElement(WebCore::Element&, WebCore::RenderStyle&) + 306 (StyleResolveTree.cpp:263) 40 com.apple.WebCore 0x00000001192e6bb0 WebCore::Style::createRendererIfNeeded(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) + 208 (StyleResolveTree.cpp:288) 41 com.apple.WebCore 0x00000001192e6777 WebCore::Style::attachRenderTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) + 263 (StyleResolveTree.cpp:615) 42 com.apple.WebCore 0x00000001192e717b WebCore::Style::attachChildren(WebCore::ContainerNode&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&) + 347 (StyleResolveTree.cpp:484) 43 com.apple.WebCore 0x00000001192e6849 WebCore::Style::attachRenderTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) + 473 (StyleResolveTree.cpp:631) 44 com.apple.WebCore 0x00000001192e717b WebCore::Style::attachChildren(WebCore::ContainerNode&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&) + 347 (StyleResolveTree.cpp:484) 45 com.apple.WebCore 0x00000001192e6849 WebCore::Style::attachRenderTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) + 473 (StyleResolveTree.cpp:631) 46 com.apple.WebCore 0x00000001192e5af0 WebCore::Style::resolveLocal(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change) + 400 (StyleResolveTree.cpp:756) 47 com.apple.WebCore 0x00000001192e342d WebCore::Style::resolveTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change) + 301 (StyleResolveTree.cpp:918) 48 com.apple.WebCore 0x00000001192e32ea WebCore::Style::resolveTree(WebCore::Document&, WebCore::Style::Change) + 474 (StyleResolveTree.cpp:996) 49 com.apple.WebCore 0x0000000117b72996 WebCore::Document::recalcStyle(WebCore::Style::Change) + 470 (Document.cpp:1798) 50 com.apple.WebCore 0x0000000117b6eadf WebCore::Document::updateStyleIfNeeded() + 431 (Document.cpp:1841) 51 com.apple.WebCore 0x0000000117b7f472 WebCore::Document::finishedParsing() + 450 (Document.cpp:4613) 52 com.apple.WebCore 0x0000000118027c68 WebCore::HTMLConstructionSite::finishedParsing() + 24 (HTMLConstructionSite.cpp:396) 53 com.apple.WebCore 0x0000000118160e17 WebCore::HTMLTreeBuilder::finished() + 183 (HTMLTreeBuilder.cpp:3010) 54 com.apple.WebCore 0x0000000118056dee WebCore::HTMLDocumentParser::end() + 190 (HTMLDocumentParser.cpp:440) 55 com.apple.WebCore 0x0000000118054e53 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() + 275 (HTMLDocumentParser.cpp:451) 56 com.apple.WebCore 0x0000000118054c60 WebCore::HTMLDocumentParser::prepareToStopParsing() + 288 (HTMLDocumentParser.cpp:166) 57 com.apple.WebCore 0x0000000118056e43 WebCore::HTMLDocumentParser::attemptToEnd() + 67 (HTMLDocumentParser.cpp:463) 58 com.apple.WebCore 0x0000000118056e98 WebCore::HTMLDocumentParser::finish() + 72 (HTMLDocumentParser.cpp:491) 59 com.apple.WebCore 0x0000000117c0100a WebCore::DocumentWriter::end() + 346 (DocumentWriter.cpp:247) 60 com.apple.WebCore 0x0000000117bc89d3 WebCore::DocumentLoader::finishedLoading(double) + 1587 (DocumentLoader.cpp:441) 61 com.apple.WebCore 0x0000000117bc830e WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*) + 270 (DocumentLoader.cpp:375) 62 com.apple.WebCore 0x0000000117803262 WebCore::CachedResource::checkNotify() + 130 (CachedResource.cpp:293) 63 com.apple.WebCore 0x0000000117803374 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) + 52 (CachedResource.cpp:310) 64 com.apple.WebCore 0x00000001177fed1a WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) + 218 (CachedRawResource.cpp:105)